Víctor Mayoral Vilches

Exploitation demonstrated at https://www.youtube.com/watch?v=tS2NpgHpz_0&feature=youtu.be

ping @LanderU, can we get a CWE here? Also, we should get a CVE ID for this one.

This vulnerability needs further triaged. It has been produced from my readings of the documentation and source code but now PoC is available at the moment.

Yeap, I don't have bandwith nor resources now for putting together a PoC but I'm somewhat confident this should be feasible. Leaving it as `triage` required. Hopefully we'll get resources...

Confirmed simple PoC. Referring back to https://github.com/aliasrobotics/RVD/issues/3316.

Ticket updated, PR added.

alurity.yml file to reproduce sros2 leak ```yaml networks: - network: - driver: overlay - name: net1 - encryption: true - subnet: 12.0.0.0/24 - network: - driver: overlay - name: net2...

Assumptions for a potentially vulnerable robotic system have been added.

This vulnerability has been demonstrated at https://github.com/vmayoral/basic_robot_cybersecurity/tree/master/robot_exploitation/tutorial12.

Demonstration available at https://asciinema.org/a/EJ5ZzqAbiVvPLyNABXyOk3iez Reproduction simplified with the following `alurity.yml` file: alurity.yml ```yaml networks: - network: - driver: overlay - name: urnetwork - encryption: false containers: - container: - name:...